Odido Data Breach

11/02/2026 · 6,077,025 records · high risk

0 /100

Gravity Score

Critical

Calculated based on the types of data exposed (11 categories) and the volume of affected records (6,077,025).

Telecom providers typically hold a wide mix of contact, billing, and identity information, which makes them attractive targets. When that data leaks, the consequences can extend from nuisance scams to serious identity fraud.

Odido suffered a breach followed by an extortion attempt. Soon after, the data was released publicly in four separate drops across consecutive days, increasing the exposure window and making it easier for copies to spread.

The published information included names, physical addresses, phone numbers, and email addresses, alongside highly sensitive details such as dates of birth, bank account numbers, and customer service notes. Passport numbers, driver’s licence details, and European national ID numbers were also part of the exposed dataset.

Approximately 6 million unique email addresses were involved. With addresses, phones, birth dates, and government IDs in the same leak, the risk of impersonation, account takeovers, and targeted fraud attempts is significantly higher.

Exposed data

Bank account numbers Customer service comments Dates of birth Driver's licenses Email addresses Genders Government issued IDs Names Passport numbers Phone numbers Physical addresses

What to do based on this breach

Contact your bank to ask about extra alerts and tighter limits, since leaked bank account numbers can be used in fraud attempts

Ask your mobile provider for protections against SIM swap and unauthorised number porting, as phone and identity data raise this risk

Review your credit file and watch for new accounts opened in your name, because government IDs and birth dates were exposed

Use Odido’s official notice and FAQ to guide your next steps and submit GDPR based requests to access, restrict, or delete data where applicable

What can we learn from this breach?

This case underlines how government IDs, birth dates, and banking details require the highest level of protection. Organisations should use strong encryption, strict access controls, and careful review of customer service processes because internal notes can leak too. Practised incident response and clear customer communication help reduce harm and support GDPR aligned transparency.

Was your data exposed?

Check now if your email appears in this breach. It's free, takes 30 seconds and requires no signup.

Check my email

Related breaches

Медицинская лаборатория Гемотест (Gemotest)

21/04/2022 6,341,495 records moderate risk

7 data types in common

Utair

20/03/2019 401,400 records moderate risk

7 data types in common

← All breaches